from the thank-you-section-230 dept

Infamous adware maker Zango may finally be dead, but its lawsuits live on. You may recall a few years back Zango sued security software maker Kaspersky for calling its product "spyware." A court found that Kaspersky has every right to label the software as it feels is appropriate, noting that it's immune from complaints from Zango under section 230 of the CDA.

Zango appealed, claiming that Kaspersky shouldn't be immune because the CDA was only supposed to apply to websites, not software makers. The 9th circuit appeals court clearly disagrees and points out that this is exactly the sort of thing Section 230 should protect. It's always nice to see courts reaffirm the immunity granted by Section 230 -- especially since those protections have been under attack lately. Update: Eric Goldman has more.

from the about-time dept

Remember back in the days of surreptitiously installed adware/spyware? For the most part, those days are gone, driven out by better security, FTC crackdowns and more sophisticated users. However, one of the big companies in the space, Zango, hung around for years, and finally shut down.

The company, which was originally known as 180Solutions, raised millions from VCs who didn't seem to recognize just how hated the company was, and just how many of its installs weren't by choice, but through annoyance. Then, for years, the company kept trying and failing to shake the "spyware" label, always blaming "bad actors" in its distribution network, but doing little to actually stop any of those bad actors. At times, it even rewarded them or made ridiculous claims about how its software couldn't be used for sneaky installs any more, despite plenty of evidence to the contrary. Incredibly, the company merged with another infamous adware firm and renamed the new company after the firm's most hated app Zango. And then, of course, came the lawsuits and a settlement with the FTC, which the company didn't appear to live up to. Most recently, the company was supposed to have "reinvented itself" in the "casual gaming" market.

Of all things, I'd actually run into some folks from the company at a conference last year, where they were pitching their "innovative advertising solutions," but would clam up or use misdirection any time you asked them for specifics about who would see the ads and how the software had gotten on their computers in the first place. In the meantime, one of the company's founders has written up something of a post mortem, where he suggests that only 4% of their installs early on were "completely silent," but doesn't note how many weren't necessarily "silent," but were done through trickery or a lack of full info. He also blames others in the space for being worse, and getting a bad rap because of their actions. Eventually, he also admits that the company also never provided much value in exchange for the advertisements, and at least is willing to admit that the company's management "was brain-dead" and should have recognized this early on. It's a fairly open and honest piece on what happened, though I think he doesn't give nearly enough blame to the company itself. It was quite evident how problematic the company's actions were from a very early stage, and the fact that it continued right up until recently suggests this wasn't just a case of a few small mistakes, but a systematic culture at or around the company that encouraged those types of actions.

from the and-so-it-goes dept

We've talked about Zango's continued claims that it's a changed company from the one that paid huge fines for tricking people into downloading its intrusive adware, but somethings never really seem to change. An anonymous reader points us to an ad found on a bunch of legitimate video game sites recently, pitching a new Batman online virtual world game, but if you click through, it turns out that it's just a severely limited demo version of a client-side Batman game from 2001. Despite the ad promising all sorts of things, such as "play online with your friends" the actual download has none of that... but it does include an install of Zango. Chris Boyd, who figured all this out wonders why the sites that ran this ad did so, knowing that it was almost certainly bogus. Zango, of course, will blame a "rogue affiliate" which is what they always do -- but Boyd wonders why they won't actually identify who's responsible.

from the out-of-the-frying-pan,-into-the-fire dept

We've pointed out for years the various questionable activities performed by adware firm Zango (or one of its earlier incarnations). The company has gone through so many changes it's tough to follow, but every time it insists that it has somehow "cleaned up" its act, it doesn't take long for researchers to find evidence to the contrary. For a while, the company was in hot water with the FTC for tricking people into downloading its adware. It eventually settled with the FTC, paying a hefty fine. These days, once again, the company insists that it's reinvented itself to focus on the "casual gaming market."

However, that doesn't appear to be the case. I recently saw a presentation from the company where it didn't mention casual gaming at all, but instead called itself a "publisher" of content -- though it was quite vague and evasive about just what kind of content. Perhaps that's because it doesn't want parties like the MPAA to know. As Ben Edelman had noticed a few months ago -- and now more and more security researchers are finding, Zango's software is being offered up by folks who are promising fully pirated movies.

It makes you wonder if Zango recognizes that dealing with the MPAA may be a lot less pleasant than fighting the FTC. Of course, maybe the MPAA recognizes that when pirated movies come with intrusive adware like Zango, it only gives pirated movies a bad name.

from the like-anyone-trusts-them dept

If you've heard of the company Zango, it's probably for bad reasons. Zango is a company that was created when some separate adware firms merged and took a new name. The company kept insisting that it had reformed and wasn't using surreptitious installs any more -- but every time it said that, it didn't take long to find evidence proving that wrong. This happened time after time after time after time after time. Many of these happened after the FTC got the company to agree to stop these practices.

Well, now the company is trying to reinvent itself yet again -- claiming that it's going to focus on the "casual gaming" market -- and due to this, it's laying off 68 people. One would hope that these layoffs are for the folks responsible for building the malware part of their business. Of course, it was just a few weeks ago that security researcher Ben Edelman was demonstrating more problems with Zango's new business model.

from the what's-in-a-name dept

All too often, we've seen cases where security software firms were sued for calling some piece of software "spyware" or "adware." In fact, Microsoft even wanted to make sure that new anti-spyware legislation would make it clear that there's nothing wrong with calling spyware "spyware." However, in the latest ruling on one of these cases (in which Zango sued Kaspersky), the ruling makes it clear we already have such a law on the books. The judge dismissed the lawsuit, noting that security firms have every right to label software as they see fit, citing part of section 230 of the Communications Decency Act.

We often point to section 230, because it protects service providers from liability for the actions of the service providers' users. However, this is referring to a different part of section 230, which says that no service provider is liable for a good faith attempt to restrict access to something it deems objectionable. The court felt that the security company was a service provider, and that since it believed Zango was objectionable, then it has every right to try to restrict it. The court makes a second very important point. Zango complains that its software is not objectionable, and therefore the security providers cannot block it as objectionable. However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.